#endif
#include <openssl/bn.h>
+#include "../ssl/ssl_locl.h"
+
/*
* Or gethostname won't be declared properly
* on Compaq platforms (at least with DEC C).
static char *cipher = NULL;
static int verbose = 0;
static int debug = 0;
-#if 0
-/* Not used yet. */
-# ifdef FIONBIO
-static int s_nbio = 0;
-# endif
-#endif
-
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
static int do_test_cipherlist(void);
+
static void sv_usage(void)
{
fprintf(stderr, "usage: ssltest [args ...]\n");
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
-#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
-#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
fprintf(stderr, " -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
fprintf(stderr,
" -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
" Use \"openssl ecparam -list_curves\" for all names\n"
}
}
-#ifdef TLSEXT_TYPE_opaque_prf_input
-struct cb_info_st {
- void *input;
- size_t len;
- int ret;
-};
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-{
- struct cb_info_st *arg = arg_;
-
- if (arg == NULL)
- return 1;
-
- if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
- return 0;
- return arg->ret;
-}
-#endif
-
int main(int argc, char *argv[])
{
char *CApath = NULL, *CAfile = NULL;
char *server_key = NULL;
char *client_cert = TEST_CLIENT_CERT;
char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CTX *s_ctx = NULL;
DH *dh;
int dhe1024 = 0, dhe1024dsa = 0;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
EC_KEY *ecdh = NULL;
#endif
#ifndef OPENSSL_NO_SRP
}
#endif
else if (strcmp(*argv, "-tls1") == 0) {
-#ifdef OPENSSL_NO_TLS1
- no_protocol = 1;
-#endif
tls1 = 1;
} else if (strcmp(*argv, "-ssl3") == 0) {
#ifdef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv, "-named_curve") == 0) {
if (--argc < 1)
goto bad;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
named_curve = *(++argv);
#else
fprintf(stderr,
meth = SSLv3_method();
else
#endif
-#ifndef OPENSSL_NO_TLS1
if (tls1)
meth = TLSv1_method();
else
-#endif
meth = SSLv23_method();
c_ctx = SSL_CTX_new(meth);
(void)no_dhe;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (!no_ecdhe) {
int nid;
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
#endif
-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
- /* or &co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
- /* or &so2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
-#endif
-
if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
} else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
else
ret = doit(s_ssl, c_ssl, bytes);
+ if (ret) break;
}
if (!verbose) {
print_details(c_ssl, "");
}
- if ((number > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number,
+ if ((i > 1) || (bytes > 1L))
+ BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", i,
bytes);
if (print_time) {
#ifdef CLOCKS_PER_SEC
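Review bot: The added `if (ret) break;` puts the statement on the same line as its condition, which the rest of this file does not do (compare `if (--argc < 1)` followed by `goto bad;` earlier in the diff); write it as `if (ret)` on one line and `break;` indented on the next. A short comment would also help, because the summary printed a few lines later now depends on this early exit: `/* stop at the first failing handshake; i then counts the completed ones */`. Switching the message from `number` to `i` is consistent with that only if the loop increments `i` after each completed iteration; the for header is outside the hunk, so that is worth confirming. main() begins and ends outside this hunk.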
if (bio_err != NULL)
BIO_free(bio_err);
EXIT(ret);
- return ret;
}
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
do {
- /*-
- * c_ssl_bio: SSL filter BIO
- *
- * client: pseudo-I/O for SSL library
- *
- * client_io: client's SSL communication; usually to be
- * relayed over some I/O facility, but in this
- * test program, we're the server, too:
- *
- * server_io: server's SSL communication
- *
- * server: pseudo-I/O for SSL library
- *
- * s_ssl_bio: SSL filter BIO
- *
- * The client and the server each employ a "BIO pair":
- * client + client_io, server + server_io.
- * BIO pairs are symmetric. A BIO pair behaves similar
- * to a non-blocking socketpair (but both endpoints must
- * be handled by the same thread).
- * [Here we could connect client and server to the ends
- * of a single BIO pair, but then this code would be less
- * suitable as an example for BIO pairs in general.]
- *
- * Useful functions for querying the state of BIO pair endpoints:
- *
- * BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
- * other side's read attempt
- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
- *
- * ..._read_request is never more than ..._write_guarantee;
- * it depends on the application which one you should use.
- */
+ /*-
+ * c_ssl_bio: SSL filter BIO
+ *
+ * client: pseudo-I/O for SSL library
+ *
+ * client_io: client's SSL communication; usually to be
+ * relayed over some I/O facility, but in this
+ * test program, we're the server, too:
+ *
+ * server_io: server's SSL communication
+ *
+ * server: pseudo-I/O for SSL library
+ *
+ * s_ssl_bio: SSL filter BIO
+ *
+ * The client and the server each employ a "BIO pair":
+ * client + client_io, server + server_io.
+ * BIO pairs are symmetric. A BIO pair behaves similar
+ * to a non-blocking socketpair (but both endpoints must
+ * be handled by the same thread).
+ * [Here we could connect client and server to the ends
+ * of a single BIO pair, but then this code would be less
+ * suitable as an example for BIO pairs in general.]
+ *
+ * Useful functions for querying the state of BIO pair endpoints:
+ *
+ * BIO_ctrl_pending(bio) number of bytes we can read now
+ * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
+ * other side's read attempt
+ * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
+ *
+ * ..._read_request is never more than ..._write_guarantee;
+ * it depends on the application which one you should use.
+ */
/*
* We have non-blocking behaviour throughout this test program, but
{
/* CLIENT */
- MS_STATIC char cbuf[1024 * 8];
+ char cbuf[1024 * 8];
int i, r;
clock_t c_clock = clock();
{
/* SERVER */
- MS_STATIC char sbuf[1024 * 8];
+ char sbuf[1024 * 8];
int i, r;
clock_t s_clock = clock();
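Review bot: Dropping `MS_STATIC` turns cbuf and sbuf into 8 KiB automatic arrays whose contents are indeterminate until written, whereas the static versions were zero-initialized; if either buffer is passed to SSL_write before being explicitly filled (no memset is visible in the hunk), the test would now transmit uninitialized stack bytes. Confirm each buffer is zeroed or filled before its first read, or add `memset(cbuf, 0, sizeof(cbuf));` after the client declaration and `memset(sbuf, 0, sizeof(sbuf));` after the server one. The two arrays also put 16 KiB on the stack of doit_biopair, which is acceptable for a test binary but deserves a comment at the declaration since the size was previously hidden behind the macro. doit_biopair starts and ends outside this hunk.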
printf("server waiting in SSL_accept - %s\n",
SSL_state_string_long(s_ssl));
/*-
- else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n"); */
+ else if (s_write)
+ printf("server:SSL_write()\n");
+ else
+ printf("server:SSL_read()\n"); */
}
if (do_client && debug) {
printf("client waiting in SSL_connect - %s\n",
SSL_state_string_long(c_ssl));
/*-
- else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n"); */
+ else if (c_write)
+ printf("client:SSL_write()\n");
+ else
+ printf("client:SSL_read()\n"); */
}
if (!do_client && !do_server) {
fprintf(stdout, "ERROR IN STARTUP\n");
ERR_print_errors(bio_err);
- break;
+ goto err;
}
if (do_client && !(done & C_DONE)) {
if (c_write) {
if (ok == 1) {
X509 *xs = ctx->current_cert;
-#if 0
- X509 *xi = ctx->current_issuer;
-#endif
-
if (xs->ex_flags & EXFLAG_PROXY) {
unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx
if (cb_arg->allow_proxy_certs) {
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
}
-#ifndef OPENSSL_NO_X509_VERIFY
ok = X509_verify_cert(ctx);
-#endif
if (cb_arg->proxy_auth) {
if (ok > 0) {
}
fprintf(stderr, "ok\n");
#endif
-#ifndef OPENSSL_NO_TLS1
fprintf(stderr, "testing TLSv1 cipher list order: ");
meth = TLSv1_method();
tci = NULL;
tci = ci;
}
fprintf(stderr, "ok\n");
-#endif
return 1;
}